Hi Support,
I have two server one is domain controller and 2nd one is additional domain controller but now i want to transfer all domain controller roles to additional domain controller and discard the 1st domain controller.
↧
How to transfer domain controller all roles to additional domain controller and discard domain controller
↧
Folder Redirection still appearing in gpresult after GPO removal/unassignment
Hi folks!
I am hoping you can help me with this...
I am having an issue where I have disabled the Folder Redirection GPO on the Domain Controller (Server 2012 R2) but the policy entries still remains under "Folder Redirection" list after doing a gpresult via the logged in users domain account on their laptops.
This is only happening to users who previously had the folder redirection policy applied. For some reason the remenance of the folder redirection still applied to these effected users.
However, newly logged in accounts on the same machine do not pick up the folder redirection settings (as they have been disabled) and the folder redirection area of "gpresult /v" appears as below (as expected):
Folder Redirection
------------------
N/A
An example of the output of "gpresult /v" on the effected machines are similar to the below (ignore the arrow):
https://filedb.experts-exchange.com/incoming/2016/11_w46/1126504/FR-GPO.jpg
Is there any way I can remove these entries on the effected existing user accounts via registry entries or something else? (as I do not want to have to wipe their profiles!).
Please do let me know! Looking forward to your responses!
Thank you
↧
↧
SCCM 1810 Error Task Sequence Manager failed to execute task sequence. Code 0x80004005
Hi,
- https://danikuci.wordpress.com/2014/03/26/configuring-sccm-for-managing-macs/
- https://blogs.technet.microsoft.com/jchalfant/how-to-configure-microsoft-sccm-to-use-https-pki/
I have followed above link to Configure Microsoft SCCM to Use HTTPS/PKI but its keep failing with "Task sequence execution failed with error code 80004005"
I want through the setup few times and I cant see what I have miss or why its not working.
looking the the log it show these errors.
connect (sock, (struct sockaddr *) &SockAddrIn, sizeof (struct sockaddr_in)) == 0, HRESULT=8007274d (..\libsmsmessaging.cpp,889) ApplyOperatingSystem 11/03/2019 12:03:35 1116 (0x045C)
socket 'connect' failed; 8007274d ApplyOperatingSystem 11/03/2019 12:03:35 1116 (0x045C)
hr, HRESULT=80072efd (..\libsmsmessaging.cpp,10283) ApplyOperatingSystem 11/03/2019 12:03:35 1116 (0x045C)
sending with winhttp failed; 80072efd ApplyOperatingSystem 11/03/2019 12:03:35 1116 (0x045C)
oHttpTransport.Send ((char *) S_DAVQUERY, (sizeof(S_DAVQUERY)/sizeof(S_DAVQUERY[0])) - sizeof(char), pReply, nReplySize), HRESULT=80072efd (..\downloadcontent.cpp,927) ApplyOperatingSystem 11/03/2019 12:03:35 1116 (0x045C)
SendResourceRequest() failed. 80072efd ApplyOperatingSystem 11/03/2019 12:03:35 1116 (0x045C)
SendResourceRequest(pCertContext), HRESULT=80072efd (..\downloadcontent.cpp,612) ApplyOperatingSystem 11/03/2019 12:03:35 1116 (0x045C)
oDavRequest.GetDirectoryListing (setDirs, setFiles, pCertContext), HRESULT=80072efd (..\resolvesource.cpp,3301) ApplyOperatingSystem 11/03/2019 12:03:35 1116 (0x045C)
Download() failed. 80072efd. ApplyOperatingSystem 11/03/2019 12:03:35 1116 (0x045C)
Trying https://DP-0001.Doamin.local/NOCERT_SMS_DP_SMSPKG$/xxx001D5. ApplyOperatingSystem 11/03/2019 12:04:09 1116 (0x045C)
In SSSL - but not using DP auth token or authenticator
In SSL, but with no client cert ApplyOperatingSystem 11/03/2019 12:04:09 1116 (0x045C)
SetNamedSecurityInfo() failed. TSManager 11/03/2019 12:04:36 1516 (0x05EC)
SetObjectOwner() failed. 0x80070005. TSManager 11/03/2019 12:04:36 1516 (0x05EC)
RemoveFile() failed for C:\_SMSTaskSequence\TSEnv.dat. 0x80070005. TSManager 11/03/2019 12:04:36 1516 (0x05EC)
RemoveDirectoryW failed (0x80070091) for C:\_SMSTaskSequence TSManager 11/03/2019 12:04:36 1516 (0x05EC)
The execution of the group (Install Operating System) has failed and the execution has been aborted. An action failed.
Operation aborted (Error: 80004004; Source: Windows) TSManager 11/03/2019 12:04:28 1516 (0x05EC)
Failed to run the last action: Apply Operating System. Execution of task sequence failed.
The system cannot find the file specified. (Error: 80070002; Source: Windows) TSManager 11/03/2019 12:04:28 1516 (0x05EC)
Execution::enExecutionFail != m_eExecutionResult, HRESULT=80004005 (tsmanager.cpp,1273) TSManager 11/03/2019 12:04:36 1516 (0x05EC)
Task Sequence Engine failed! Code: enExecutionFail TSManager 11/03/2019 12:04:36 1516 (0x05EC)
Task sequence execution failed with error code 80004005 TSManager 11/03/2019 12:04:36 1516 (0x05EC)
If I remove the https and leave the dp to http then everything works.
↧
Change date format for RDP sessions
Hi
I want to change the date format for RDP users for just one VM. I have created the policy and did the f5 trick as per this post
https://theezitguy.wordpress.com/2014/08/07/group-policy-use-regional-settings-to-change-date-format/
but still the date format is correct when i RDP.
Under scope - security filtering of the GPO i have entered my own username as well as the VM name in question, any idea why the settings isnt taking effect ?
↧
Cannot Find "Defer Upgrades and Updates" Policy Setting in Windows Server 2012 R2
Let me start with a few environmental factors and steps already taken:
- OS: Windows Server 2012 R2
- Patch Level: Updated as of 05/02/2018 -- Latest KB installed is 2018-04 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-bases Systems (KB4093114)
- I've installed the following ADMX template files and have since rebooted the computer:
- Windows10-ADMX.msi;
- Windows10_Version_1511_ADMX.msi;
- Windows 10 and Windows Server 2016 ADMX.msi;
- Windows_ 10_Creators_Update_ADMX.msi;
- Windows_10_Fall_Creators_Update_1709_ADMX.msi
Let me say that this is the case for two different Windows Server 2012 R2 Domain Controllers. Same patch level, same installed ADMX templates etc. with the same result where I can't see the necessary policy setting.
I began this process by reading a microsoft article [1] which shows the Policy Setting in question. I also read a 4sysops article [2] on the same subject (albeit a somewhat old article) which I think should still apply.
Despite installing all of the above ADMX templates (if there are more needed to be installed for Windows 10, please let me know) I am unable to find the following policy: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Upgrades and Updates
Below I will leave a link [3] to an image of the options I do see.
Why can't I see this option? I need to use it urgently as Windows 10 v1803 has already caused compatibility issues in our organization and we desperately need to defer it. Please let me know if there is another template file I need installed or if there's something else I need to do to see it.
[1] https://docs.microsoft.com/en-us/windows/deployment/update/waas-wufb-group-policy
[2] https://4sysops.com/archives/the-new-defer-upgrades-and-update-group-policy-in-detail/
[3] https://imgur.com/a/0mTEfxQ
Sorry for the odd link formatting and the use of imgur vs inserting the image in-line, for the life of me I cannot get my account verified and so am forced to drop plain links that way.
↧
↧
Managing new Windows 10 versions in Group Policy
Hi,
We have a mix of Windows 10 versions in our environment and I'm just wondering if there are any issues with copying the latest Windows 10 1809 admx files and overwriting the files currently in the PolicyDefinitions folder. Especially as the majority of the devices we have are Windows 10 1709 or 1803. I assume not and that the newer template files keep all of the older settings, just add on top and it doesn't matter if they aren't relevant to older versions?
Any best practices that I should be aware of? I read the below link from Microsoft saying to basically create a copy of your current PolicyDefinitions folder, copy in the new files and then archive the original folder.
Does it matter which computer you are managing all this from or should you be on a DC?
Also, what about the baselines for each version when using the Security Compliance Toolkit. Should you have a GPO for each version of Windows 10?
Thanks.
↧
Group Policy Error: A referral was returned from the server
I'm stumped on this one.
I have an AD environment with five sites, ten domain controllers. All DCs are running Server 2012 R2 and that is also the functional level of the domain. I built up a new print server (running Server 2016 w/ full GUI) and when deploying a printer from print management, I get this error when browsing for the GPO to add the printer to:
"Failed to query for the list of Group Policy Objects linked to this container." Details: "A referral was returned from the server."
If I close the error and try browsing again, eventually it will show me all of my OUs and GPOs. It usually takes about 4 attempts. I have never seen this error appear anywhere other than print management. It shows up regardless of whether I'm using print management from my desktop (connected to the print server) or from the print server directly.
I ran a dcdiag and everything passes. Group policies are applied properly to clients. At the site my desktop and the print server live in, I've powered off one DC at a time to see if I could isolate it to a request made to one or the other. There was no change in the behavior when either one was shut down.
Any ideas? Thanks!
↧
{uuzoa2.com } 대전오피 「유유닷컴」 즐달 대전립카페
유유닷컴
↧
Software Deployment using GPO through User Settings - not working
We have created a GPO to install Firefox (version 63) through the User Settings (not Computer Configuration).
Domain - User Configuration - Policies - Software Settings - Software Installation - Firefox 63
Assigned
Uninstall this application when it falls out of the scope of management
Install this application at logon
Installation user interface options (maximum) - Make this 32bit X86 application available to Win64 machines
After setting the above settings - I replicate the policy across the DC's and did a gpupdate /force on the network pc.
When the computer rebooted - the software is not installed.
I check the GPRESULT /R /Scope Computer - and the GPO Firefox is listed there.
I check the GPRESULT /R /Scope User - and the GPO Firefox is not listed
Why is the GPO Management ignoring the "user settings"?
There is a reason why we want to get the software installed via User Settings.
The software have no problem being installed via Computer Configuration - but when we put the computer out in the field - the GPO - computer configuration is not able to deploy. Only User Settings is available out in
the field.
I appreciate any and all of your help on this matter.
Thanks Gil
↧
↧
Not applying group policy on some clients
Hello
Everyday we are having some clients, that are not reachable via ping. The client is able to access every network ressource (fileshare, exchange and so on) normally. After forcing the group policy manually the client is reachable again. It wouldn't apply some of our GPO (for example: updating from our WSUS or blocking the Microsoft store) and the automatic update after 90 Minutes didn't work either.
We analysed the eventviewer logs and the only error we found was following:
Error: Bandwidth estimation failure: Failed to query Intranet capability. Error code 0x15.
That happend usually in the morning. After some researches we changed the GPO Processing mode to asynchrous (always wait for the network at computer startup and logon):
https://blogs.technet.microsoft.com/grouppolicy/2013/05/23/group-policy-and-logon-impact/
After this change it seemed to be better, there were cleary less clients that are having gpo problems. But we are still having cases, where clients are not applying the group policy correct.
What could cause this problem with our group policy?
Further information about our environment:
Client OS: Windows 10 (1709)
DC OS: Windows Server 2012 R2 and Windows Server 2016
↧
GPO does not apply to a specific user
Hi Team,
I have tried all possible case to find a solution here
there is one policy for a shortcut which is not applying to one user however when we run gpresult, it shows as applied.
Checked - Scope, Security filtering, WMI, permission, loopback.....nothing is causing the issue
I have run out of steps to follow now except GPSVC log, Is there anything I missed to check here ??
Is there any trace I can do to find out?
↧
Disable only windows firewall notifications in Windows 10 with Group Policy
Hi!
How to disable only the windows firewall notifications in Windows 10 with group policy? I tried with registry change but didn't work.
Anybody have a solution for this problem?
Szilard
↧
Central Store, Office 2010, 32 bit vs 64 bit ADMX templates
From what I understand so far:
- Office 2010 32 bit templates is for the 32 bit version of Office 2010.
- Office 2010 64 bit templates is for the 64 bit version of Office 2010.
Both sets of policies uses the same name-convention,
- Example of 32bit template name: access14.admx
- Example of 64bit template name: access14.admx
Question: How should we solve this when using a Central Store?
We need to be able to support both 32/64 versions of Office in the environment.
Strategy 1:
- Don't use central store for Office 2010 policies
- Use ADM instead, and save it per Policy instead of using ADMX on the Central Store.
Strategy 2:
- Manually rename all the 32/64 policies? - Alltough it may show up in the GPO editor as one setting anyway (32 or 64 'wins' hiding the settings from the other version).
Strategy 3:
- Or is it possible that it doesn't matter which version of the templates we use? Just use one of them, prefferably the 64bit edition?
Sincerly, Jon E. Carlsen
↧
↧
Office 2010 admin templates 32 and 64 bit
Hello,
Most of our users have MS 2010 Pro Plus 32-bit installed and we have implemented the group policies from the 32-bit admin templates.
We are starting to deploy MS 2010 Pro Plus 64-bit versions on our x64 Win7 OS. Will the current office 2010 GPOs also apply to the 64-bit Office 2010? We have downloaded v2 of the office admin templates of both 32-bit and 64-bit and compared that there's not difference in the size of the adm files (we're still using the adm instead of admx). Please help us confirm/clarify.
Thanks,
Chendra DW
Thank You, Chendra DW
↧
How do I fix this error regarding the Google Chrome admx etc.??
It comes up all the time in our GPMC.
Should I remove and re-install the admx and adml files, what??
I don't yet have any Chrome policies even.
The crossed-out part is our local domain name.
↧
Folder Redirection still appearing in gpresult after GPO removal/unassignment
Hi folks!
I am hoping you can help me with this...
I am having an issue where I have disabled the Folder Redirection GPO on the Domain Controller (Server 2012 R2) but the policy entries still remains under "Folder Redirection" list after doing a gpresult via the logged in users domain account on their laptops.
This is only happening to users who previously had the folder redirection policy applied. For some reason the remenance of the folder redirection still applied to these effected users.
However, newly logged in accounts on the same machine do not pick up the folder redirection settings (as they have been disabled) and the folder redirection area of "gpresult /v" appears as below (as expected):
Folder Redirection
------------------
N/A
An example of the output of "gpresult /v" on the effected machines are similar to the below (ignore the arrow):
https://filedb.experts-exchange.com/incoming/2016/11_w46/1126504/FR-GPO.jpg
Is there any way I can remove these entries on the effected existing user accounts via registry entries or something else? (as I do not want to have to wipe their profiles!).
Please do let me know! Looking forward to your responses!
Thank you
↧
Windows 10 Privacy Options GPO not working
Hi
I was trying to set "Let websites provide locally relevant content by accessing my language list" to off via GPO. I found several articles referencing the following :
"Let website provide ..."
Key: HKEY_CURRENT_USER\Control Panel\International\User Profile
Value name: HttpAcceptLanguageOptOut
Value data: 1 (disable the option)
I added this key through GPO and the key was added but the button still showed as on. So I manually turned the button off and it just made an extra identical key and now the button shows “off”….
If I turn it back on it just deletes the key it created leaving the key from the GPO untouched.
But then if I delete the GPO key and run gpupdate it doesn’t add the key again, just leaves the one the OS added.
Is there a better way to disable this? This one doesn't seem to work...
I was trying to set "Let websites provide locally relevant content by accessing my language list" to off via GPO. I found several articles referencing the following :
"Let website provide ..."
Key: HKEY_CURRENT_USER\Control Panel\International\User Profile
Value name: HttpAcceptLanguageOptOut
Value data: 1 (disable the option)
I added this key through GPO and the key was added but the button still showed as on. So I manually turned the button off and it just made an extra identical key and now the button shows “off”….
If I turn it back on it just deletes the key it created leaving the key from the GPO untouched.
But then if I delete the GPO key and run gpupdate it doesn’t add the key again, just leaves the one the OS added.
Is there a better way to disable this? This one doesn't seem to work...
↧
↧
Computer Configuration - Unsigned Driver Installation Behavior Missing
Hello,
I am trying to silently install Sun VirtualBox in several of our computer labs, and part of the installation installs unsigned drivers. On my test Windows XP machine I simply edited the local security policy setting under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Devices: Unsigned driver installation behavior to be Silently succeed .
Now that I have finished testing I went to modify the GPO for one of the computer labs and that setting isn't there.
I came in after our previous network administrator left, so I'm still getting a handle on how our domain is configured, but our domain controllers are Server 2003 R2, and we have a mix of Server 2008 and Server 2003 systems. Our clients are almost all Windows XP with a couple Vista systems in the IT Department.
Has this setting moved, or is there another way to manage the installation behaviors for unsigned drivers in windows XP? I plan on using System Center Configuration Manager to deploy the software.
-Dan
I am trying to silently install Sun VirtualBox in several of our computer labs, and part of the installation installs unsigned drivers. On my test Windows XP machine I simply edited the local security policy setting under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Devices: Unsigned driver installation behavior to be Silently succeed .
Now that I have finished testing I went to modify the GPO for one of the computer labs and that setting isn't there.
I came in after our previous network administrator left, so I'm still getting a handle on how our domain is configured, but our domain controllers are Server 2003 R2, and we have a mix of Server 2008 and Server 2003 systems. Our clients are almost all Windows XP with a couple Vista systems in the IT Department.
Has this setting moved, or is there another way to manage the installation behaviors for unsigned drivers in windows XP? I plan on using System Center Configuration Manager to deploy the software.
-Dan
↧
Windows 10, Group Policy not applying immediately after logging in via wifi
Here's my issue:
Windows 10, build 1803. Lenovo laptops.
Shiny new campus, wifi network *only* (no wired Ethernet.)
Users log into Windows, machine and user get authenticated via certs.
Once logged in, users aren't able to get to \\DOMAIN.COM\SYSVOL (without being challenged for credentials) for anywhere from 2-15 minutes, which makes me think that's how long the wireless is taking to get them *fully* authenticated. During this time GPO's aren't being applied (security settings, registry settings. No logon scripts.) I monitor my registry, and th esettings are not applied during this time.
Once users can successfully get to \\DOMAIN.COM\SYSVOL. if they run a GPUPDATE /FORCE the policy settings all apply.
(When I use a wired Ethernet connection in the lab, everything works as expected. All GPOs immediately apply at logon.)
Looking for options to get the GPO's to apply at logon when on wifi.
I feel like I'm missing something simple, but I'm at a dead end.
↧
what is best practices to change redirect folder location from serv01 to serv02
Hi Support,
I am using server 2012 r2 with installed group Policy (redirect folder group policy) and now i want to change redirect folder location from serv01 to serv02 .
What is best practices to changes redirect folder location without too much impact on end users.
↧